今天发现的问题，
电脑上的C、D、F盘直接双击都弹出‘拒绝访问’窗口，右键菜单中出现两个不同的‘打开’选项，还多了一个‘浏览’选项。只有E盘可以正常访问。

我使用的杀毒软件和防火墙是‘趋势科技防毒墙网络版’（校园网内共享的），查不到病毒。

请问，各位专家这是什么病毒，该怎么办，有没有什么专杀程序？

先扫个SRE日志上来吧..


下载 System Repair Engineer，
http://www.kztechs.com/sreng/download.html
1 解压缩sreng2.zip
2 运行SREng.exe
3 智能扫描=》扫描=》保存报告
4 把日志中的报告完整拷贝贴上来，不要修改
日志一次发不完，请分次发上来
（扫日志前请尽可能的关闭能手动关闭的窗口 如：QQ、音乐、网业）

[CODE]

2007-04-23,13:52:32

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <SoundMAXPnP><C:\Program Files\Analog Devices\Core\smax4pnp.exe>  [Analog Devices, Inc.]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <nwiz><; nwiz.exe /install>  []
    <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
    <OfficeScanNT Monitor><"C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow>  [Trend Micro Inc.]
    <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <Acrobat Assistant 7.0><; "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe">  [Adobe Systems Inc.]
    <><; >  [N/A]
    <fenglei><; C:\Program Files\flmpc\fengleiLive.exe>  [风雷影音工作室]
    <OrderReminder><C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe>  [Hewlett-Packard]
    <Easy-PrintToolBox><C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon>  [(Verified)Canon Inc.]
    <HP Software Update><C:\Program Files\HP\HP Software Update\HPWuSchd2.exe>  [Hewlett-Packard Co.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]

==================================
启动文件夹
[Adobe Acrobat Speed Launcher]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Acrobat Speed Launcher.lnk --> C:\WINDOWS\Installer\{AC76BA86-2052-0000-7760-100000000002}\SC_Acrobat.exe [N/A]><H>
[HP Image Zone 快速启动 ]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\HP Image Zone 快速启动 .lnk --> C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [Hewlett-Packard Co.]><N>
[QQ游戏启动加速程序]
  <C:\Documents and Settings\lh\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> C:\PROGRA~1\Tencent\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]><H>

==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kerberos Key Distribution Centers / kkdc][Stopped/Auto Start]
  <C:\WINDOWS\lsass.exe -netsvcs><N/A>
[OfficeScanNT 实时扫描 / ntrtscan][Running/Auto Start]
  <"C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe"><Trend Micro Inc.>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[OfficeScanNT 个人防火墙 / OfcPfwSvc][Running/Auto Start]
  <"C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe"><Trend Micro Inc.>
[OfficeScanNT 侦听程序 / tmlisten][Running/Auto Start]
  <"C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe"><Trend Micro Inc.>

==================================
驱动程序
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
  <system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start]
  <system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkcusb / npkcusb][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcusb.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SenFilt Service / SenFiltService][Running/Manual Start]
  <system32\drivers\Senfilt.sys><Sensaura>
[Trend Micro Filter / TmFilter][Running/Auto Start]
  <\??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys><Trend Micro Inc.>
[Trend Micro PreFilter / TmPreFilter][Running/Auto Start]
  <\??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys><Trend Micro Inc.>
[Common Firewall Driver / TM_CFW][Running/Auto Start]
  <\??\C:\Program Files\Trend Micro\OfficeScan Client\tm_cfw.sys><Trend Micro Inc.>
[Trend Micro VSAPI NT / VSApiNt][Running/Auto Start]
  <\??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys><Trend Micro Inc.>
[Driver for Xinli GRE Protocol Device / XinliGREProtocol][Running/Manual Start]
  <system32\DRIVERS\XinliGREProtocol.sys><西安信利软件有限公司>

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484f-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[FlashGet GetFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[快车]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\Program Files\FlashGet\FlashGet.exe, FlashGet.com>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[Java Plug-in 1.3.1_03]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\JavaSoft\JRE\1.3.1_03\bin\npjava131_03.dll, JavaSoft / Sun Microsystems, Inc.>
[Java Plug-in 1.3.1_03]
  {CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} <C:\Program Files\JavaSoft\JRE\1.3.1_03\bin\npjava131_03.dll, JavaSoft / Sun Microsystems, Inc.>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484F-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash85.ocx, Macromedia, Inc.>
[FlashGet GetFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[FGCatchUrl]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[&使用快车(FlashGet)下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[转换为 Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换为现有 PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换选定的链接为 Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[转换选定的链接为现有 PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[转换选项为 Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换选项为现有 PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换链接目标为 Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换链接目标为现有 PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>

==================================

==================================
正在运行的进程
[PID: 512][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 568][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 592][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 636][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 648][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 836][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2760][C:\Program Files\Analog Devices\Core\smax4pnp.exe]  [Analog Devices, Inc., 6, 0, 0, 61]
    [C:\Program Files\Analog Devices\Core\SMWDMIF.dll]  [Analog Devices, Inc., 6, 0, 4541, 0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2768][C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe]  [Trend Micro Inc., 7.3.0.1028]
    [C:\Program Files\Trend Micro\OfficeScan Client\loadhttp.dll]  [Trend Micro Inc., 7.3.0.1028]
    [C:\Program Files\Trend Micro\OfficeScan Client\Pwd.dll]  [Trend Micro Inc., 7.3.0.1028]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll]  [Trend Micro Inc., 7.3.0.1028]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll]  [N/A, ]
    [C:\Program Files\Trend Micro\OfficeScan Client\TimeString.dll]  [N/A, ]
    [C:\Program Files\Trend Micro\OfficeScan Client\ntmonres.dll]  [Trend Micro Inc., 7.3.0.1028]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll]  [Trend Micro Inc., 7.3.0.1028]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInTray.dll]  [Trend Micro Inc., 7.3.0.1028]
    [C:\Program Files\Trend Micro\OfficeScan Client\tmdbg20.dll]  [trend_company_name, 1, 0, 0, 1]
[PID: 2776][C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe]  [Hewlett-Packard, 2, 0, 1, 26]
[PID: 2840][C:\Program Files\HP\HP Software Update\HPWuSchd2.exe]  [Hewlett-Packard Co., 53.0.13.000]
[PID: 2848][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2896][C:\Program Files\Messenger\msmsgs.exe]  [Microsoft Corporation, 4.7.3001]
[PID: 3060][C:\WINDOWS\system32\taskmgr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3124][C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe]  [Hewlett-Packard Co., 053.000.013.000]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll]  [Hewlett-Packard Co., 053.000.013.000]
    [c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll]  [Hewlett-Packard Co., 053.000.013.000]
    [c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll]  [Hewlett-Packard Co., 053.000.013.000]
    [c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll]  [Hewlett-Packard Co., 053.000.013.000]
    [c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll]  [Hewlett-Packard Co., 053.000.013.000]
    [c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll]  [Hewlett-Packard Co., 053.000.013.000]
    [c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll]  [Hewlett-Packard Co., 053.000.013.000]
    [c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll]  [Hewlett-Packard Co., 053.000.013.000]
    [c:\program files\hp\digital imaging\bin\zh-chs\hpqimzone.resources.dll]  [ , 50.0.120.0]
    [c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll]  [Hewlett-Packard Co., 053.000.013.000]
    [c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll]  [LEAD Technologies, Inc., 13.0.0.113]
    [c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll]  [LEAD Technologies, Inc., 13.0.0.113]
    [C:\Program Files\HP\Digital Imaging\bin\ltkrn13n.dll]  [LEAD Technologies, Inc., 13.0.0.098]
    [c:\windows\assembly\gac\hpqtray.resources\4.0.0.0_zh-chs_a53cf5803f4c3827\hpqtray.resources.dll]  [ , 50.0.120.0]
    [c:\windows\assembly\gac\hpqfmrsc.resources\4.0.0.0_zh-chs_a53cf5803f4c3827\hpqfmrsc.resources.dll]  [ , 50.0.120.0]
    [c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll]  [LEAD Technologies, Inc., 13.0.0.113]
    [c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll]  [LEAD Technologies, Inc., 13.0.0.113]
    [c:\windows\assembly\gac\interop.hpqimgr\3.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\Bin\hpqimgr.dll]  [Hewlett-Packard Co., 53.0.13.000]

[C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\ATL71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\HP\Digital Imaging\Bin\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll]  [Hewlett-Packard Co., 053.000.013.000]
    [c:\program files\hp\digital imaging\bin\hpqmirsc.dll]  [Hewlett-Packard Co., 053.000.013.000]
    [c:\program files\hp\digital imaging\bin\zh-chs\hpqmirsc.resources.dll]  [ , 50.0.120.0]
    [c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll]  [Hewlett-Packard Co., 053.000.013.000]
    [c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll]  [Hewlett-Packard Co., 053.000.013.000]
    [c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll]  [LEAD Technologies, Inc., 13.0.0.113]
    [c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll]  [Hewlett-Packard Co., 053.000.013.000]
    [c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll]  [LEAD Technologies, Inc., 13.0.0.113]
    [c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll]  [Hewlett-Packard Co., 053.000.013.000]
    [c:\windows\assembly\gac\hpqedit.resources\3.0.0.0_zh-chs_a53cf5803f4c3827\hpqedit.resources.dll]  [ , 50.0.131.0]
    [c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll]  [Hewlett-Packard Co., 053.000.013.000]
    [c:\windows\assembly\gac\hpqcc2.resources\3.0.0.0_zh-chs_a53cf5803f4c3827\hpqcc2.resources.dll]  [ , 50.0.120.0]
    [c:\program files\hp\digital imaging\bin\zh-chs\hpqvideo.resources.dll]  [ , 50.0.127.0]
    [c:\windows\assembly\gac\interop.hpqvideo\3.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqvdcom.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll]  [Hewlett-Packard Co., 053.000.013.000]
    [c:\windows\assembly\gac\hpqprrsc.resources\4.0.0.0_zh-chs_a53cf5803f4c3827\hpqprrsc.resources.dll]  [ , 53.0.6.0]
    [c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll]  [ , 3.0.0.0]
    [c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll]  [Hewlett-Packard Co., 053.000.013.000]
    [c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_zh-chs_a53cf5803f4c3827\hpqcprsc.resources.dll]  [Hewlett-Packard Co., 50.0.145.0]
    [c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll]  [Hewlett-Packard Co., 053.000.013.000]
    [c:\windows\assembly\gac\hpqisrtb.resources\4.0.0.0_zh-chs_a53cf5803f4c3827\hpqisrtb.resources.dll]  [Hewlett-Packard Co., 53.0.13.0]
    [c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll]  [Hewlett-Packard Co., 053.000.013.000]
    [c:\windows\assembly\gac\hpqbakup.resources\3.0.0.0_zh-chs_a53cf5803f4c3827\hpqbakup.resources.dll]  [ , 50.0.154.0]
    [c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll]  [Hewlett-Packard Co., 053.000.013.000]
[PID: 3988][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.5451.90 (winmain(wmbla).060804-1722)]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.5451.90 (winmain(wmbla).060804-1722)]
[PID: 1924][C:\Program Files\Maxthon\Maxthon.exe]  [Maxthon International Ltd., 1, 5, 6, 39]
    [C:\Program Files\Maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CorperfmonExt.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\sasperf.dll]  [, ]
    [C:\Program Files\RhinoSoft.com\Serv-U\ServUPerfCount.dll]  [Rhino Software, Inc. +1(262) 560-9627, 6, 3, 0, 0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\FOURI_M3.IME]  [北京紫光华宇软件股份有限公司, 4.0.0.5027]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\DOWNLO~1\OL2005.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [C:\WINDOWS\system32\macromed\flash\Flash85.ocx]  [Macromedia, Inc., 8,5,0,133]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 7.0.0.0]
[PID: 1632][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.8440]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.8440]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll]  [Adobe Systems Inc., 7.0.0.2004121400\0]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.chs]  [Adobe Systems Inc., 7.0.0.2004121400\0]
[PID: 952][E:\刘衡\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [E:\刘衡\sreng2\Plugins\NWMON.SRE]  [Smallfrogs Studio, 1, 0, 0, 8]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[AutoRun]
open=RUNAUT~1\autorun.pif
shell\1=打开(&O)
shell\1\Command=RUNAUT~1\autorun.pif
shell\2\=浏览(&B)
shell\2\Command=RUNAUT~1\autorun.pif
shellexecute=RUNAUT~1\autorun.pif
[D:\]
[AutoRun]
open=RUNAUT~1\autorun.pif
shell\1=打开(&O)
shell\1\Command=RUNAUT~1\autorun.pif
shell\2\=浏览(&B)
shell\2\Command=RUNAUT~1\autorun.pif
shellexecute=RUNAUT~1\autorun.pif
[F:\]
[AutoRun]
open=RUNAUT~1\autorun.pif
shell\1=打开(&O)
shell\1\Command=RUNAUT~1\autorun.pif
shell\2\=浏览(&B)
shell\2\Command=RUNAUT~1\autorun.pif
shellexecute=RUNAUT~1\autorun.pif

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

组策略里面可以修改

Autorun.inf
[C:\]
[AutoRun]
open=RUNAUT~1\autorun.pif
shell\1=打开(&O)
shell\1\Command=RUNAUT~1\autorun.pif
shell\2\=浏览(&B)
shell\2\Command=RUNAUT~1\autorun.pif
shellexecute=RUNAUT~1\autorun.pif
[D:\]
[AutoRun]
open=RUNAUT~1\autorun.pif
shell\1=打开(&O)
shell\1\Command=RUNAUT~1\autorun.pif
shell\2\=浏览(&B)
shell\2\Command=RUNAUT~1\autorun.pif
shellexecute=RUNAUT~1\autorun.pif
[F:\]
[AutoRun]
open=RUNAUT~1\autorun.pif
shell\1=打开(&O)
shell\1\Command=RUNAUT~1\autorun.pif
shell\2\=浏览(&B)
shell\2\Command=RUNAUT~1\autorun.pif
shellexecute=RUNAUT~1\autorun.pif
删除

使用WINRAR,删除每个盘中的文件:ANTORUN.INF